According to a statement from the ACA, the hacker created several platforms offering users malicious software designed to steal personal data from individuals and public and private institutions, especially those providing financial services.
Moreover, the accused set up fake, fraudulent websites impersonating these institutions and sold them to interested buyers for sums of money in US dollars, which were paid using cryptocurrency to avoid detection and make it difficult to trace the transactions, the statement read.
The ACA stated that the hacker's platforms were among the largest global platforms involved in these crimes in 2024, with total transactions exceeding hundreds of thousands of dollars.
The authority warned about rising cyber fraud attacks that seek to compromise personal and financial data.
Reasons for hacking
Hackers steal personal data primarily for financial gain, frequently selling it on the dark web to criminals who use it for fraud, account takeovers, and extortion.
Criminals use personal details to commit fraud, take out loans, or engage in tax fraud.
Additionally, stolen login credentials enable account takeovers and hackers to access online shopping platforms or financial accounts.
Stealing data harms both individuals and businesses, resulting in spear phishing attacks, fraud, and data breaches.
Egypt's measures
As the number of internet users has increased, with Egypt's internet subscriptions reaching 106.2 million in December 2023, the country has implemented legal measures to combat cybercrimes targeting individuals and state institutions through social media and other digital platforms.
In 2018, President Abdel-Fattah El-Sisi approved an anti-cybercrime law that imposes heavy fines and prison sentences for hacking government information systems and crimes committed using information systems and technologies, including email-related offences.
The 45-article Anti-Cyber and Information Technology Crimes law also focuses on addressing the use of the internet by extremist and terrorist groups to plan attacks.
According to Article 23, anyone who uses information technology to access bank card data or other e-payment services unlawfully would face imprisonment for at least three months and a fine of around EGP 30,000-50,000.
If the intention was to steal funds or services, the penalty would be at least six months in prison and a fine of around EGP 50,000-100,000. If the perpetrator successfully obtains these funds or services, the penalty would be imprisonment for at least one year and a fine of at least EGP 100,000.
Similarly, article 24 addresses crimes involving the creation of fake emails, websites, or accounts. The penalty for creating a fake identity linked to a natural or legal person is imprisonment for at least three months and a fine of around EGP 10,000-30,000.
Short link: